IA Engineer 4 in Stuttgart at Govcio LLC
Overview:
GovCIO is currently hiring for a Cloud Security and Compliance SME to conduct program/system security status assessments and support the development of Cybersecurity program(s), including the development of policies and procedures in accordance with DoDI 8500.01 Risk Management Framework. This position will be located in Stuttgart, Germany and will be an onsite-only position.
Responsibilities:
Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management). Assesses and mitigates system security threats and risks throughout the program life cycle. Validates system security requirements definition and analysis. Establishes system security designs. Implements security designs in hardware, software, data, and procedures. Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Supports secure systems operations and maintenance.
- Participates with the client in the strategic design process to translate security and business requirements into technical designs.
- Configures and validates secure systems and tests security products and systems to detect security weakness; performs network scanning and vulnerability analysis.
- Ensures that the appropriate security features and safeguards have been implemented on all information systems as required by DoD/IC policy and directives, and industry best practices.
- Performs defense device system installation, configuration maintenance, account maintenance, signature maintenance, patch management, and troubleshooting of all implemented, maintained, and deployed systems.
- Provides security certification test and evaluation of assets, vulnerability management and response, security assessments, customer support and provides guidance on security issues.
- Conducts program/system security status assessments and supports the development of Cybersecurity program(s), including the development of policies and procedures in accordance with DoDI 8500.01 Risk Management Framework.
- Develops and manages RMF for on-premises and cloud environments in the eMASS tool to achieve the Authorizing Official's (AO) Authorization Decision Document (ADD) utilizing the RMF Package Approval Chain (PAC) process.
- Supports IL2/IL5/IL6 cloud environments for Infrastructure as Code (IaC), Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and enterprise Software as a Service (SaaS).
- Tracks organizational cybersecurity compliance, ensures necessary remediation needs are communicated, tracks remediation through completion and ensures necessary cybersecurity documentation is accurate and in order.
- Responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by information systems to determine the overall effectiveness of the controls.
- Prepares for, assists with, and monitors cyber assessments (staff assistance visits [SAV], Command Cyber Readiness Inspections [CCRI], NSA Red and Blue Team assessments, vulnerability scans, assessment and authorization [A&A] reviews).
- Develops technical standards (SOP/TTPs, technical implementation instructions, or other required documentation) for security-focused processes, security operations and other operations as required for Government approval.
- Works closely with defensive cybersecurity operation (DCO) teams to identify, monitor and respond to cyber events/incidents from discovery to closure as a part of the local incident response policies.
- Interacts with customers, IT staff, and high-level military officials to assist in defining and achieving required cybersecurity objectives for the organization.
- Conducts Risk Assessments, determines the risk to operations, and provides risk recommendations to the customer after reviewing a system’s overall risk posture as part of the Security Authorization (Authority to Operate/Connect) process.
- Through basic understanding of network security fundamentals, LAN/WAN switching technologies, routing technologies, infrastructure security technologies and services, reviews network architecture diagrams for cybersecurity compliance.
- Responsible for assessing and authorizing the use of software and hardware across multiple enterprise networks.
Qualifications:
Bachelor's with 8+ years (or commensurate experience)
Required Skills and Experience
- DoDI 8510.01 Risk Management Framework (RMF) for DoD Information Technology
- FEDRAMP certification process and DISA Clou